Date: Thu, 24 Jun 2004 15:59:12 +0800 (CST)
From: Xin LI <delphij@frontfree.net>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: cyrille.lefevre@laposte.net
Subject: ports/68268: [PATCH] SECURITY UPDATE isc-dhcp3-server to 3.0.1rc14
Message-ID: <20040624075912.81B03115DA@beastie.frontfree.net>
Resent-Message-ID: <200406240800.i5O80iSc096550@freefall.freebsd.org>
>Number: 68268
>Category: ports
>Synopsis: [PATCH] SECURITY UPDATE isc-dhcp3-server to 3.0.1rc14
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Thu Jun 24 08:00:43 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Xin LI
>Release: FreeBSD 5.2-delphij i386
>Organization: The FreeBSD Simplified Chinese Project
>Environment:
System: FreeBSD beastie.frontfree.net 5.2-delphij FreeBSD 5.2-delphij #78: Mon Jun 21 23:19:51 CST 2004 delphij@beastie.frontfree.net:/usr/obj/usr/src/sys/BEASTIE i386
>Description:
The attached patch upgrades isc-dhcp3-server to 3.0.1rc14, which is a security update. A vuxml entry should be added to warn users about the vulnerabilities found in isc-dhcp3-server 3.0.1rc12 - 3.0.1rc13.

Maintainer, please review my patch and consider approving it, thanks in advance!

According to US-CERT Technical Cyber Security Alert TA04-174A -- Multiple Vulnerabilities in ISC DHCP 3:

Two vulnerabilities in the ISC DHCP allow a remote attacker to cause a denial of the DHCP service on a vulnerable system. It may be possible to exploit these vulnerabilities to execute arbitrary code on the system.
>How-To-Repeat:
>Fix:
Apply the attached patch, then remove the zero-sized file (files/patch-freebsd)

--- patch-isc begins here --- Index: Makefile =================================================================== RCS file: /home/ncvs/ports/net/isc-dhcp3-server/Makefile,v retrieving revision 1.96 diff -u -r1.96 Makefile --- Makefile 18 Jun 2004 07:40:43 -0000 1.96 +++ Makefile 24 Jun 2004 07:41:32 -0000 @@ -7,8 +7,7 @@ # PORTNAME= dhcp -PORTVERSION= 3.0.1.r12 -PORTREVISION= 3 +PORTVERSION= 3.0.1.r14 CATEGORIES= net MASTER_SITES= ${MASTER_SITE_ISC} MASTER_SITE_SUBDIR= dhcp dhcp/dhcp-3.0-history 
@@ -113,7 +112,7 @@ BIN_FILES= dhcrelay RC_FILES= isc-dhcrelay .endif -DOC_FILES= ANONCVS CHANGES COPYRIGHT README RELNOTES +DOC_FILES= LICENSE README RELNOTES SAMP_SUFX= .sample Index: distinfo =================================================================== RCS file: /home/ncvs/ports/net/isc-dhcp3-server/distinfo,v retrieving revision 1.46 diff -u -r1.46 distinfo --- distinfo 11 Mar 2004 13:03:53 -0000 1.46 +++ distinfo 24 Jun 2004 07:33:25 -0000 @@ -1,2 +1,2 @@ -MD5 (dhcp-3.0.1rc12.tar.gz) = cf00193dcf349c888a62e4462ae1eb9c -SIZE (dhcp-3.0.1rc12.tar.gz) = 857323 +MD5 (dhcp-3.0.1rc14.tar.gz) = a68074d9ebdeb355c293d9b3645b3c2c +SIZE (dhcp-3.0.1rc14.tar.gz) = 842712 Index: pkg-message =================================================================== RCS file: /home/ncvs/ports/net/isc-dhcp3-server/pkg-message,v retrieving revision 1.5 diff -u -r1.5 pkg-message --- pkg-message 1 Jun 2004 13:34:27 -0000 1.5 +++ pkg-message 24 Jun 2004 07:48:28 -0000 @@ -9,9 +9,9 @@ dhcpd_conf="%%PREFIX%%/etc/dhcpd.conf" # configuration file dhcpd_ifaces="" # ethernet interface(s) -**** For instance, rc.conf like variables are still read from %%PREFIX%%\ - /etc/rc.isc-dhcpd.conf. They should be move into /etc/rc.conf. Also, - the dhcpd_options variable must be renamed dhcpd_flags. +**** For instance, rc.conf like variables are still read from + %%PREFIX%%/etc/rc.isc-dhcpd.conf. They should be move into /etc/rc.conf. + Also, the dhcpd_options variable must be renamed dhcpd_flags. **** If compiled with paranoia support (the default), the following options are also supported: Index: pkg-plist =================================================================== RCS file: /home/ncvs/ports/net/isc-dhcp3-server/pkg-plist,v retrieving revision 1.27 diff -u -r1.27 pkg-plist --- pkg-plist 16 Mar 2004 20:31:15 -0000 1.27 +++ pkg-plist 24 Jun 2004 07:44:01 -0000 
@@ -3,9 +3,7 @@ etc/dhcpd.conf.sample etc/rc.d/isc-dhcpd.sh sbin/dhcpd -%%PORTDOCS%%%%DOCSDIR%%/ANONCVS -%%PORTDOCS%%%%DOCSDIR%%/CHANGES -%%PORTDOCS%%%%DOCSDIR%%/COPYRIGHT +%%PORTDOCS%%%%DOCSDIR%%/LICENSE %%PORTDOCS%%%%DOCSDIR%%/README %%PORTDOCS%%%%DOCSDIR%%/RELNOTES %%PORTDOCS%%@dirrm %%DOCSDIR%% Index: files/patch-Makefile.dist =================================================================== RCS file: /home/ncvs/ports/net/isc-dhcp3-server/files/patch-Makefile.dist,v retrieving revision 1.1 diff -u -r1.1 patch-Makefile.dist --- files/patch-Makefile.dist 17 Jan 2004 23:09:02 -0000 1.1 +++ files/patch-Makefile.dist 24 Jun 2004 07:33:56 -0000 
@@ -1,25 +1,8 @@ ---- Makefile.dist.orig Fri Nov 8 00:10:08 2002 -+++ Makefile.dist Tue Apr 29 00:07:43 2003 -@@ -3,13 +3,13 @@ - # Copyright (c) 1996-2002 Internet Software Consortium. - # Use is subject to license terms which appear in the file named - # ISC-LICENSE that should have accompanied this file when you --# received it. If a file named ISC-LICENSE did not accompany this -+# received it. If a file named ISC-LICENSE did not accompany this - # file, or you are not sure the one you have is correct, you may - # obtain an applicable copy of the license at: - # --# http://www.isc.org/isc-license-1.0.html. -+# http://www.isc.org/isc-license-1.0.html. - # --# This file is part of the ISC DHCP distribution. The documentation -+# This file is part of the ISC DHCP distribution. The documentation - # associated with this file is listed in the file DOCUMENTATION, - # included in the top-level directory of this release. - # -@@ -17,47 +17,200 @@ - # http://www.isc.org for more information. - # +--- Makefile.dist.orig Fri Jun 11 01:59:10 2004 ++++ Makefile.dist Thu Jun 24 15:33:16 2004 +@@ -22,47 +22,200 @@ + # http://www.isc.org/ + -SUBDIRS= common $(MINIRES) dst omapip server client relay dhcpctl +COMMON_SUBDIRS= common Index: files/patch-freebsd =================================================================== RCS file: files/patch-freebsd diff -N files/patch-freebsd --- files/patch-freebsd 16 Mar 2004 20:31:15 -0000 1.9 +++ /dev/null 1 Jan 1970 00:00:00 -0000 
@@ -1,75 +0,0 @@ ---- client/scripts/freebsd.orig Sun Apr 27 21:44:01 2003 -+++ client/scripts/freebsd Wed Mar 3 02:28:29 2004 -@@ -16,7 +16,7 @@ - ( echo search $new_domain_name >/etc/resolv.conf ) - exit_status=$? - else -- rm /etc/resolv.conf -+ ( rm /etc/resolv.conf ) - exit_status=$? - fi - if [ $exit_status -ne 0 ]; then -@@ -32,17 +32,17 @@ - # Must be used on exit. Invokes the local dhcp client exit hooks, if any. - exit_with_hooks() { - exit_status=$1 -- if [ -f /etc/dhclient-exit-hooks ]; then -- . /etc/dhclient-exit-hooks -+ if [ -f %%PREFIX%%/etc/dhclient-exit-hooks ]; then -+ . %%PREFIX%%/etc/dhclient-exit-hooks - fi - # probably should do something with exit status of the local script - exit $exit_status - } - - # Invoke the local dhcp client enter hooks, if they exist. --if [ -f /etc/dhclient-enter-hooks ]; then -+if [ -f %%PREFIX%%/etc/dhclient-enter-hooks ]; then - exit_status=0 -- . /etc/dhclient-enter-hooks -+ . %%PREFIX%%/etc/dhclient-enter-hooks - # allow the local script to abort processing of this state - # local script must set exit_status variable to nonzero. - if [ $exit_status -ne 0 ]; then -@@ -51,11 +51,11 @@ - fi - - if [ x$new_network_number != x ]; then -- $LOGGER New Network Number: $new_network_number -+ $LOGGER "New Network Number: $new_network_number" - fi - - if [ x$new_broadcast_address != x ]; then -- $LOGGER New Broadcast Address: $new_broadcast_address -+ $LOGGER "New Broadcast Address: $new_broadcast_address" - new_broadcast_arg="broadcast $new_broadcast_address" - fi - if [ x$old_broadcast_address != x ]; then -@@ -71,6 +71,15 @@ - alias_subnet_arg="netmask $alias_subnet_mask" - fi - -+# Get the interface to which our default route is bound to. 
-+if [ -x /usr/bin/netstat ]; then -+ if_defaultroute=`/usr/bin/netstat -rn \ -+ | /usr/bin/grep "^default" \ -+ | /usr/bin/awk '{print $6}'` -+else -+ if_defaultroute="" -+fi -+ - if [ x$reason = xMEDIUM ]; then - eval "ifconfig $interface $medium" - eval "ifconfig $interface inet -alias 0.0.0.0 $medium" >/dev/null 2>&1 -@@ -113,7 +122,10 @@ - eval "ifconfig $interface inet -alias $old_ip_address $medium" - route delete $old_ip_address 127.1 >/dev/null 2>&1 - for router in $old_routers; do -- route delete default $router >/dev/null 2>&1 -+ if [ x$if_defaultroute = x ] || [ x$if_defaultroute = x$interface ] -+ then -+ route delete default $router >/dev/null 2>&1 -+ fi - done - if [ -n "$old_static_routes" ]; then - set -- $old_static_routes --- patch-isc ends here --- >Release-Note: >Audit-Trail: >Unformatted:
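Review bot: The `PORTVERSION= 3.0.1.r14` bump in the Makefile hunk arrives without the vuxml entry that the description says is needed for 3.0.1rc12 - 3.0.1rc13; none of the files touched here (Makefile, distinfo, pkg-message, pkg-plist, files/patch-Makefile.dist, files/patch-freebsd) is a vuxml document. Suggest attaching the entry to this PR or stating who will file it, so that existing installs of the affected versions are flagged once the update is committed. Dropping `PORTREVISION= 3` together with the version bump looks right.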
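Review bot: In the distinfo hunk the new tarball is pinned only by `MD5 (dhcp-3.0.1rc14.tar.gz)` and `SIZE (dhcp-3.0.1rc14.tar.gz)`, and the submission does not say how those values were obtained. Because this is a security update, please state that the digest was computed from a tarball fetched from `${MASTER_SITE_ISC}` and, if upstream publishes a signature or checksum for the release, that the file was checked against it before the values were recorded.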
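Review bot: The rewrapped paragraph in the pkg-message hunk still reads `They should be move into /etc/rc.conf`; since these lines are being rewritten anyway, change `move` to `moved`. Removing the backslash continuation after `%%PREFIX%%` is an improvement, as the path now appears unbroken as `%%PREFIX%%/etc/rc.isc-dhcpd.conf`.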
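Review bot: Deleting files/patch-freebsd drops every local change it made to client/scripts/freebsd, and the submission does not say that 3.0.1rc14 carries those changes upstream. The `%%PREFIX%%/etc/dhclient-enter-hooks` and `%%PREFIX%%/etc/dhclient-exit-hooks` paths use a ports placeholder, so they are unlikely to be in the distributed script, which would mean the hook files are again sourced from /etc; the quoted `$LOGGER` arguments and the `if_defaultroute` guard around `route delete default $router` disappear as well. Please check the rc14 script, say in the PR which of these were merged, and keep a reduced patch for whatever was not.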